I have tested the free PrevX tool against 2 Gromozon RK variants and it has successfully detected and removed them on both occasions.

The reason why a lot of the other rootkit apps are missing this one is that the RK in question borks the SeDebug privileges and the software fails to run. I believe, although I cannot confirm, that the PrevX tool resets those privileges to bypass this problem.

Here's lots of additional information appertaining to this threat, which was discovered back in May/June 06 but is probably one of the most unpleasant infections to date.

On a personal note, one of the vendors (SUPERantispyware) that I fast-track malware submissions to also has free software that not only detects and neuters the Gromozon rootkit but also slices and dices the associated imported malware infections to date* that I have submitted (200+ in the last 2 weeks alone).
http://www.superantispyware.com/

*Since about last weekend the infecting URLs have not been spitting out new variants of payloads, but as with all def-based software, SAS will only detect what is in their database, so for a new disclaimer, YMMV if something new comes down the pipes.

Back to PrevX tool

Quote:

It also cleans linkoptimizer (related to gromozon?) which is useful.

Linkoptimizer is adware, but this is the tip of the iceberg with this infection. I have also seen the following types of trojans imported & installed by the Gromozon infection:
PWS/keylogger
Spambot
DOS Tool
ProcKill
Backdoor
Downloaders

Of which some were golden oldies, some were repackaged golden oldies and some newly emerging malware threats. When the infections were installed on the machine, some (not all) were hidden by the Gromozon RK, whereas others were clearly visible.

Net result: one very nasty infection if gained, and personally, regardless of what tools are used, it is my opinion that the infected computer needs major surgery to regain its security integrity before it can be trusted again: reformat & reinstall time.

I've just found another mini-project for the to-do list: since I have licenses for both PrevX & SAS, I can see how their respective realtime defences deal with this batch of infections at point of delivery.

_________________
Malware hunter....Got Bot ?